Commit f1b2637d authored by Matthew Holt's avatar Matthew Holt

letsencrypt: Enable activation on empty hosts; fix email bug

parent 178c4d11
......@@ -131,7 +131,7 @@ func ObtainCerts(configs []server.Config, altPort string) error {
}
for _, cfg := range group {
if existingCertAndKey(cfg.Host) {
if cfg.Host == "" || existingCertAndKey(cfg.Host) {
continue
}
......@@ -170,8 +170,10 @@ func EnableTLS(configs []server.Config) {
continue
}
configs[i].TLS.Enabled = true
if configs[i].Host != "" {
configs[i].TLS.Certificate = storage.SiteCertFile(configs[i].Host)
configs[i].TLS.Key = storage.SiteKeyFile(configs[i].Host)
}
setup.SetDefaultTLSParams(&configs[i])
}
}
......@@ -257,13 +259,15 @@ func ConfigQualifies(cfg server.Config) bool {
cfg.Port != "80" &&
cfg.TLS.LetsEncryptEmail != "off" &&
// we get can't certs for some kinds of hostnames
HostQualifies(cfg.Host)
// we get can't certs for some kinds of hostnames,
// but we CAN get certs at request-time even if
// the hostname in the config is empty right now.
(cfg.Host == "" || HostQualifies(cfg.Host))
}
// HostQualifies returns true if the hostname alone
// appears eligible for automatic HTTPS. For example,
// localhost, empty hostname, and wildcard hosts are
// localhost, empty hostname, and IP addresses are
// not eligible because we cannot obtain certificates
// for those names.
func HostQualifies(hostname string) bool {
......@@ -397,7 +401,7 @@ func saveCertResource(cert acme.CertificateResource) error {
// be the HTTPS configuration. The returned configuration is set
// to listen on port 80.
func redirPlaintextHost(cfg server.Config) server.Config {
toURL := "https://" + cfg.Host
toURL := "https://{host}" // serve any host, since cfg.Host could be empty
if cfg.Port != "443" && cfg.Port != "80" {
toURL += ":" + cfg.Port
}
......
......@@ -46,6 +46,7 @@ func TestConfigQualifies(t *testing.T) {
cfg server.Config
expect bool
}{
{server.Config{Host: ""}, true},
{server.Config{Host: "localhost"}, false},
{server.Config{Host: "example.com"}, true},
{server.Config{Host: "example.com", TLS: server.TLSConfig{Certificate: "cert.pem"}}, false},
......@@ -105,18 +106,18 @@ func TestRedirPlaintextHost(t *testing.T) {
if actual, expected := handler.Rules[0].FromPath, "/"; actual != expected {
t.Errorf("Expected redirect rule to be for path '%s' but is actually for '%s'", expected, actual)
}
if actual, expected := handler.Rules[0].To, "https://example.com:1234{uri}"; actual != expected {
if actual, expected := handler.Rules[0].To, "https://{host}:1234{uri}"; actual != expected {
t.Errorf("Expected redirect rule to be to URL '%s' but is actually to '%s'", expected, actual)
}
if actual, expected := handler.Rules[0].Code, http.StatusMovedPermanently; actual != expected {
t.Errorf("Expected redirect rule to have code %d but was %d", expected, actual)
}
// browsers can interpret default ports with scheme, so make sure the port
// doesn't get added in explicitly for default ports.
// browsers can infer a default port from scheme, so make sure the port
// doesn't get added in explicitly for default ports like 443 for https.
cfg = redirPlaintextHost(server.Config{Host: "example.com", Port: "443"})
handler, ok = cfg.Middleware["/"][0](nil).(redirect.Redirect)
if actual, expected := handler.Rules[0].To, "https://example.com{uri}"; actual != expected {
if actual, expected := handler.Rules[0].To, "https://{host}{uri}"; actual != expected {
t.Errorf("(Default Port) Expected redirect rule to be to URL '%s' but is actually to '%s'", expected, actual)
}
}
......@@ -252,7 +253,7 @@ func TestMakePlaintextRedirects(t *testing.T) {
func TestEnableTLS(t *testing.T) {
configs := []server.Config{
server.Config{TLS: server.TLSConfig{Managed: true}},
server.Config{Host: "example.com", TLS: server.TLSConfig{Managed: true}},
server.Config{}, // not managed - no changes!
}
......@@ -325,8 +326,9 @@ func TestMarkQualified(t *testing.T) {
{Host: "example.com", Port: "1234"},
{Host: "example.com", Scheme: "https"},
{Host: "example.com", Port: "80", Scheme: "https"},
{Host: ""},
}
expectedManagedCount := 4
expectedManagedCount := 5
MarkQualified(configs)
......
......@@ -154,10 +154,11 @@ func getEmail(cfg server.Config, skipPrompt bool) string {
if err != nil {
return ""
}
leEmail = strings.TrimSpace(leEmail)
DefaultEmail = leEmail
Agreed = true
}
return strings.TrimSpace(leEmail)
return leEmail
}
// promptUserAgreement prompts the user to agree to the agreement
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment